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DETAILED ACTION 

1 . This Office Action is in response to the filing of the Amendment, on 1 0/3/2005, 
has been considered but they are not persuasive. Accordingly, this action is made 
FINAL. 

2. Claims 1-33 are presented for examination. 

Claim Rejections - 35 USC § 102 

3. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by another 
filed in the United States before the invention by the applicant for patent or (2) a patent granted on an application for 
patent by another filed in the United States before the invention by the applicant for patent, except that an 
international application filed under the treaty defined in section 351 (a) shall have the effects for purposes of this 
subsection of an application filed in the United States only if the international application designated the United States 
and was published under Article 21 (2) of such treaty in the English language. 

4. Claims 1-33 are rejected under 35 U.S.C. 102(e) as being anticipated by Hitz 
et al., US Patent no. 6,457,130. 

5. In re claim 1 , Hitz et al. shows a method for managing file security attributes [fig 

1 ; col 4, lines 12-48] by a file server [1 10, fig 1] in a computer file storage system [fig 1], 
the computer file storage system including a file secured using a first file security model 
[fig 1], the method comprising: 

receiving a first request [col 3, line 45; col 5, line 36] from a client [120, fig 1] 
relating to the file [112, fig 1] stored in the computer file storage system, the client 
utilizing a second file security model [NT, 120, fig 1]; 

retrieving a first set of file security attributes, in accordance with the first file 
security model, associated with the file [col 4, lines 12-29], the first set of file security 
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attributes including at least an owner identifier [UID, col 4, line 16] and a group identifier 
[GID, col 4, line 17]; and 

generating a second set of file security attributes [col 6, lines 1-10], in 
accordance with the second file security model, from the set of file security attributes, 
the second set of file security attributes including a plurality of security identifiers (SID) 
[col 4, lines 46-47] including at least an owner SID [col 4, line 46] derived from the 

■ 

owner identifier and a group SID [col 4, line 47] derived from the UNIX group identifier, 
wherein at least one of the owner SID and the group SID includes at least one map 
failure indicator and the corresponding identifier ["If there is no such translation for the 
Unix user name, the file server 110 uses the Unix user name, without translation, as the 
NT user name", col 6, lines 42-48] from the first set of file security attributes, wherein 
the map failure indicator indicates that said identifier relates to the first file security 
model. 

6. In re claim 2, Hitz et al. shows the at least one map failure indicator includes an 
authority identifier, specific to the first file security model, and an owner/group indicator 

* 

having a first value to indicate that the identifier is the owner identifier from the first set 
of security attributes [col 6, lines 42-48], and a second value to indicate that the 
identifier is the group identifier from the first set of security attributes [col 6, lines 42-48]. 

7. In re claim 3, Hitz et al. shows the at least one map failure indicator includes an 
authority identifier, specific to the first file security model, having a first value to indicate 
that the identifier is the owner identifier from the first set of file security attributes and a 
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second value to indicate that the identifier is the group identifier from the first set of file 
security attributes [col 6, lines 42-48]. 

8. In re claim 4, Hitz et al. shows generating the second set of file security attributes 
[col 6, lines 25-52] from the first set of file security attributes comprises: 

attempting to map each identifier from the first set of file security attributes to a 
corresponding identifier from the second set of file security attributes [col 6, lines 25-52; 
col 7, lines 53-54]; and 

generating, for each identifier from the first set of file security attributes that 
cannot be mapped to a corresponding identifier from the second set of file security 
attributes, the SID including the at least one map failure indicator and the corresponding 
identifier from the first set of file security attributes [col 6, lines 46-48; col 7, lines 60-64]. 

9. In re claim 5, Hitz et al. shows attempting to map each identifier from the first set 
of file security attributes to a corresponding identifier from the second set of file security 
attributes comprises: 

maintaining a table mapping a first set of names in accordance with the first file 
security model to a second set of names in accordance with the second file security 
model [col 6, lines 25-52]; 

* 

determining a name from the first set of names corresponding to the identifier 
from the first set of file security attributes [col 6, lines 25-52; col 8, lines 7-10]; and 

searching the table for a name from the second set of names corresponding to 
the name from the first set of names [col 6, lines 25-52], 
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10. In re claim 6, Hitz et al. shows determining a name from the first set of names 
corresponding to the identifier from the first set of file security attributes comprises [col 
6, lines 25-52]: 

maintainting a cache mapping [col 6, lines 62-63] identifiers from the first set of 
file security attributes to names in the first set of names; and 

searching the cache for a name from the first set of names corresponding to the 
identifier from the first set of file security attributes [col 6, lines 62-63]. 

11. In re claim 7, Hitz et al. shows sending the identifier from the first set of file 
security attributes over a communication link to a NIS server [col 7, line 59]; and 
receiving the name from the first set of names over the communication link from the NIS 
server [col 7, line 59]. 

12. In re claim 8, Hitz et al. shows transmitting the second set of file security 
attributes to the client in a response to the first request [col 5, lines 51-55]. 

13. In re claim 9, Hitz et al. shows receiving a second request from the client utilizing 
the second file security model including at least one of said SIDs including at least one 
map failure indicator and the corresponding identifier from the first set of file security 
attributes [col 6, lines 49-52]; 

translating the at least one of said SIDs into a text string [col 6, lines 43-44]; and 

translating the text string to the client in a response to the second request [col 6, 

■ 

lines 43-44]. 
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14. In re claim 10, Hitz et al. shows the text string includes a representation of the 
identifier from the SID [col 6, lines 43-44]. 

15. In re claim 1 1 , Hitz et al. shows a first set of file permissions, in accordance with 
the first file security model [col 6, lines 16-48], and wherein generating the second set of 
file security attributes from the first set of file security attributes further comprises: 

generating a second set of file permissions, in accordance with the second file 
security model, from the first set of file permissions [col 6, lines 16-48]. 

16. In re claim 12, Hitz et al. shows at least one requested change to the security 
attributes of the file [col 8, line 1 1], and wherein the method further comprises: 

applying the requested security attribute changes to the second set of file 
security attributes to create a modified set of file security attributes in accordance with 
the second file security model [col 8, lines 35-46]; and 

writing the modified set of file security attributes to the file [col 8, lines 35-46], 
said writing effectively changing the security model of the file from the first file security 
model to the second file security model [col 8, lines 35-46]. 

17. In re claims 13-14, Hitz et al. shows a session having a session owner and 
session group [col 4, lines 63, 46-47]. 

18. In re claim 15, Hitz et al. shows translating the first set of file permissions into a 
second set of file permissions, the second set of file permissions defining owner 
permissions, group permissions, and everybody permissions [col 10, lines 1-17]. 
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19. In re claim 16, Hitz et al. shows an apparatus for managing file security attributes 
in a computer file storage system [fig 1], the computer file storage system including a 
file secured using a first file security model, the file associated with a first set of file 
security attributes including an owner identifier and a group identifier [col 4, lines 8-42], 
the apparatus comprising: 

a network interface [120, fig 1] for communicating with clients over a 
communication network [fig 1]; 

a storage interface [110, fig 1] for communicating with a file storage device [1 1 1]; 

and 

file security logic [CIFS, NFS, fig 1] operating between the network interface and 
the storage interface for managing file security attributes, the file security logic including 
logic for generating a second set of file security attributes, in accordance with a second 
file security model [col 6, lines 1-10], from the first set of file security attributes, the 

■ 

second set of file security attributes including at least an owner SID derived from the 
owner identifier and a group SID derived from the group identifier [col 4, lines 12-54; col 
6, lines 25-52], wherein at least one of the owner SID and the group SID includes at 
least one map failure indicator and the corresponding identifier from the first set of file 
security attributes, wherein the map failure indicator indicates that said identifier relates 
to the first file security model [col 6, lines 45-48]. 

20. In re claim 29, Hitz et al. shows an apparatus for managing file security attributes 
[fig 1; col 4, lines 12-48] in a computer file storage system [fig 1], the apparatus 
comprising: 
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means for translating an owner identifier in accordance with a first file security 
model into an owner SID, compatible with a second file security model [col 6, lines 25- 
30; col 4, lines 12-56]; 

means for translating a group identifier in accordance with a first file security 
model into a group SID, compatible with the second file security model [col 6, lines 25- 

■ 

30; col 4, lines 12-56]; and 

means for translating file access permissions, in accordance with a first file 
security model, into an access control list, compatible with the second file security 
model [col 6, lines 25-30; col 4, lines 12-56]. 

21. Claims 17-28 and 30-33 are rejected under the same rationale as discussed 
above in claims 1-16 and 29. 

Response to Arguments 

Applicant's arguments filed have been fully considered but they are not 
persuasive. 

In the remarks, applicants argued in substance that (1) Hitz does not show when 
the system is unable to map a Unix name to a Windows name, the system returns the 
Unix ID along with a Unix-specific indicator. 

Examiner respectfully traverses applicants' remarks. 
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As to point (1 ), Unix ID along with a Unix-specific indicator are not found in the 
amended claims. Claimed subject matter, not the specification, is the measure of 
invention. Limitations in the specification cannot be read into the claims for the purpose 
of avoiding the prior art. In re Self, 213 USPQ 1,5 (CCPA 1982); In re Priest, 199 
USPQ 11,15 (CCPA 1978). 

In addition, Hitz does show map failure indicator and the corresponding identifier 
from the first set of file security attributes, wherein the map failure indicator indicates 
that said identifier relates to the first file security model. Hitz stated "The file server 110 
translates the Unix user name into an NT user name using a selected mapping file. ... If 
there is no such translation for the Unix user name, the file server 110 uses the Unix 
user name, without translation, as the NT user name" in col 6, lines 42-48. The Unix 
user name, without translation, as the NT user name serves as the map failure indicator 

« 

and the corresponding identifier. 

Conclusion 

This Office Action is in response to the filing of the Amendment, on 10/3/2005, 
has been considered but they are not persuasive. Accordingly, THIS ACTION IS 
MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time 
policy as set forth in 37 CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
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shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the date of this final action. 

Any response to this action should be mailed to: 

Mail Stop 

Commissioner for Patents 
P.O. Box 1450 
Alexandria, VA 22313-1450 

The centralized fax number is 571-273-8300. 

The centralized hand carry paper drop off location is: 

U.S. Patent and Trademark Office 

Customer Service Window, Mail Stop 

Randolph Building 
401 Dulany Street 
Alexandria, VA 22314 

Any inquiry of a general nature or relating to the status of this application should 
be directed to the central telephone number (571) 272-2100. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Harold Kim whose telephone number is 571-272-4148. 
The examiner can normally be reached on Monday-Friday 9AM-5PM. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Fritz Fleming can be reached on 571-272-4145. The fax phone number for 
the organization where this application or proceeding is assigned is 571-273-8300. 



Application/Control Number: 10/646,365 



Page 1 1 



Art Unit: 2182 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 



Patent Examiner 
March 28, 2006/HK 





